The Garage4Hackers CTF level 1 challenge came to life on 25th December, 2013 at 10:30 PM IST. It saw nice participation from across the globe with some really creative attempts to crack the challenge. It took us some serious judging to filter out the top attempts. Finally we are done with it. And now we are pleased to announce the results of our Level 1 challenge !!

The Challenge was http://54.197.234.66/index.php?wish=hohohoSanta :

To try to execute simple PHP code or pwn the server and try to update the http://54.197.234.66/updateme.txt.

expose_php = Off
display_errors = Off
track_errors = Off
html_errors = Off

Vulnerability Description :

I would like to give special thanks to David Vieira-Kurz(@secalert) for finding this awesome bug on Ebay. This kind of vulnerability was less known until lately when it shot to limelight (http://www.secalert.net/2013/12/13/ebay-remote-code-execution/) . We decided to make Level 1 challenge based on this vulnerability and tried to emulate the same flaw as in the case of eBay. For more details on the vulnerability check following blogs.